With the following config the jail binary crashes. Please note $vnet in the last config line. It's not defined and it's the reason.

# for real network
vnet;
mount.devfs;
path = "/censored/$name";
mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
# for tcpdump
devfs_ruleset = 5;
allow.raw_sockets = true;
persist = true;
allow.set_hostname = true ;
allow.chflags = true ;
allow.sysvipc = true ;
allow.mount = true ;
allow.mount.devfs = true;
allow.mount.fdescfs = true ;
allow.mount.nullfs = true ;
allow.mount.procfs = true ;
allow.sysvipc = true;
#allow.mount.linprocfs = true ;
#allow.mount.linsysfs = true ;
allow.mount.tmpfs = true ;
allow.socket_af = true ;
allow.raw_sockets = true ;

1194 {
    exec.poststop = "$vnet ${jid} del";
}

(gdb) run -c 1194
Starting program: /usr/sbin/jail -c 1194

Program received signal SIGSEGV, Segmentation fault.
load_config () at /usr/src/usr.sbin/jail/config.c:229
229     in /usr/src/usr.sbin/jail/config.c

# uname -a
FreeBSD bewitched 12.2-RELEASE-p7 FreeBSD 12.2-RELEASE-p7 GENERIC amd64
See https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/ for the correct way to set up a vnet jail. Pay attention to the size of the addresses to assign to each vnet jail. And besides, you have every option when it is not necessary. What you're doing with options just makes any jail insecure. That may be OK for a test but is not acceptable for production.
joeb1@a1poweruser.com, thanks, I can take care of my jails just fine. It's not the point of this bug report.
Created attachment 225808
Don't allow substitution of value-less parameters.
Not defined is no problem - but I hadn't considered semi-defined! The patch fills this gap, treating parameters that exist but have no value as not existing for the sake of variable substitution.
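The gap described in the comment above, as an added C example that is neither the jail(8) source nor the attached patch: a simplified model of jail.conf variable substitution in which a parameter that exists without a value is rejected the same way as an undefined one. The `param` structure, `find_param`, `expand` and the sample values (including the jid of 7) are assumptions made for illustration.

```c
/* Simplified model of "$var" / "${var}" substitution in a jail.conf-style
 * parser. All names are hypothetical; this is not the jail(8) source. */
#include <ctype.h>
#include <string.h>

struct param {
    const char *name;
    const char *value;      /* NULL: declared without a value ("vnet;") */
};
/* Constructed sample parameters in the shape of the report. */
static const struct param params[] = {
    { "name", "1194" }, { "jid", "7" }, { "vnet", NULL },
};

static const struct param *find_param(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof(params) / sizeof(params[0]); i++)
        if (strncmp(params[i].name, name, len) == 0 &&
            params[i].name[len] == '\0')
            return &params[i];
    return NULL;
}

/* Expand variable references in src into dst (NUL-terminated on success).
 * Returns 0, or -1 for a malformed reference, an undefined or value-less
 * variable, or a result that does not fit; dst is unspecified on failure. */
int expand(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0)
        return -1;
    while (*src != '\0') {
        if (*src != '$') {
            if (o + 1 >= dstlen)
                return -1;
            dst[o++] = *src++;
            continue;
        }
        int braced = (*++src == '{');
        src += braced;
        size_t n = 0;
        while (isalnum((unsigned char)src[n]) || src[n] == '_')
            n++;
        if (n == 0 || (braced && src[n] != '}'))
            return -1;
        const struct param *p = find_param(src, n);
        /* Testing only p != NULL lets "vnet" through with a NULL value. */
        if (p == NULL || p->value == NULL)
            return -1;
        size_t vlen = strlen(p->value);
        if (o + vlen >= dstlen)
            return -1;
        memcpy(dst + o, p->value, vlen);
        o += vlen;
        src += n + braced;
    }
    dst[o] = '\0';
    return 0;
}
```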
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5bf6dca2c6dbf63d382e97905e205ded3e8525d2

commit 5bf6dca2c6dbf63d382e97905e205ded3e8525d2
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2021-06-18 16:44:37 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2021-06-18 16:44:37 +0000

    jail: Don't allow substitution of valueless jail parameters.

    PR:             256544
    Reported by:    cryptogranny at gmail.com

 usr.sbin/jail/config.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6e2623c012c3a704ad00b92e8114635845801bb7

commit 6e2623c012c3a704ad00b92e8114635845801bb7
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2021-06-18 16:44:37 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2021-06-24 17:51:27 +0000

    jail: Don't allow substitution of valueless jail parameters.

    PR:             256544
    Reported by:    cryptogranny at gmail.com

    (cherry picked from commit 5bf6dca2c6dbf63d382e97905e205ded3e8525d2)

 usr.sbin/jail/config.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ade910f43b70b0ced99a2c31bd965a5637caf320

commit ade910f43b70b0ced99a2c31bd965a5637caf320
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2021-06-18 16:44:37 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2021-06-24 17:53:24 +0000

    jail: Don't allow substitution of valueless jail parameters.

    PR:             256544
    Reported by:    cryptogranny at gmail.com

    (cherry picked from commit 5bf6dca2c6dbf63d382e97905e205ded3e8525d2)

 usr.sbin/jail/config.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/11 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=75befde07bdf1e3059c8c5e8928a695e5e59d698

commit 75befde07bdf1e3059c8c5e8928a695e5e59d698
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2021-06-18 16:44:37 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2021-06-24 17:54:00 +0000

    jail: Don't allow substitution of valueless jail parameters.

    PR:             256544
    Reported by:    cryptogranny at gmail.com

    (cherry picked from commit 5bf6dca2c6dbf63d382e97905e205ded3e8525d2)

 usr.sbin/jail/config.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)